From 662310ddb0a24af4fc7fc240d0664d1d5c42a19a Mon Sep 17 00:00:00 2001
From: Walter de Jong
Date: Wed, 6 Aug 2014 16:42:32 +0200
Subject: protect against buffer overflow
---
 src/pam_radius_auth.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c
index 887ee1e..853b8a1 100644
--- a/src/pam_radius_auth.c
+++ b/src/pam_radius_auth.c
@@ -107,6 +107,12 @@ static int _pam_parse(int argc, CONST char **argv, radius_conf_t *conf)
 /* generic options */
 if (!strncmp(*argv,"conf=",5)) {
+ /* protect against buffer overflow */
+ if (strlen(*argv+5) >= sizeof(conf_file)) {
+ _pam_log(LOG_ERR, "conf= argument too long");
+ conf_file[0] = 0;
+ return 0;
+ }
 strcpy(conf_file,*argv+5);
 } else if (!strcmp(*argv, "use_first_pass")) {
-- 
cgit v1.2.3
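Review bot: The new error path in the `conf=` branch leaves via `return 0;`, so the remaining arguments are never parsed, and if `_pam_parse` normally returns an accumulated flag word (its return statement is outside the hunk), the caller cannot tell a rejected `conf=` from an empty option list. Whether authentication then fails closed depends on how the emptied `conf_file` is consumed later, which is not visible here; a comment such as `/* leave conf_file empty so the later config read fails rather than using a truncated path */` would record that, if it is the intent. The length test is only meaningful if `conf_file` is declared as an array rather than a pointer, and that declaration is also outside the hunk. Replacing the retained `strcpy` with `snprintf(conf_file, sizeof(conf_file), "%s", *argv+5);` would keep the bound and the copy in one statement, so a later edit cannot separate them. `_pam_parse` starts and ends outside this hunk.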